Package "freexl"
Name: |
freexl
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- library for direct reading of Microsoft Excel spreadsheets - devel
- library for direct reading of Microsoft Excel spreadsheets
- library for direct reading of Microsoft Excel spreadsheets - debug
|
Latest version: |
1.0.0g-1ubuntu0.14.04.3 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "freexl" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
freexl (1.0.0g-1ubuntu0.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: Imported changes from Debian's 1.0.0g-1+deb8u5 package
- debian/patches/CVE-2017-2923_CVE-2017-2924.patch
- debian/patches/security-fixes-1.0.5.patch
- CVE-2017-2923 CVE-2017-2924 CVE-2017-7435 CVE-2017-7436 CVE-2017-7437
CVE-2017-7438 CVE-2017-7439
-- Mike Salvatore <email address hidden> Tue, 25 Sep 2018 12:11:00 -0400
|
Source diff to previous version |
CVE-2017-2923 |
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file |
CVE-2017-2924 |
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cau |
CVE-2017-7435 |
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malic |
CVE-2017-7436 |
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malic |
CVE-2017-7437 |
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json reque |
CVE-2017-7438 |
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied co |
CVE-2017-7439 |
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving e |
|
freexl (1.0.0g-1ubuntu0.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: Fix issues in previous security update (LP: #1516257)
- afl-vulnerabilitities-regression.patch: Fix regression introduced by
afl-vulnerabilitities.patch.
- 32bit-multiplication-overflow.patch: Fix 32 bit multiplication overflow
-- Bas Couwenberg Thu, 12 Nov 2015 22:04:49 +0100
|
Source diff to previous version |
1516257 |
[DSA 3208-2] freexl regression update |
|
freexl (1.0.0g-1ubuntu0.14.04.1) trusty-security; urgency=high
* SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service
or possibly execute arbitrary code (LP: #1437087):
- CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
denial of service (stack corruption) or possibly execute arbitrary code
via a crafted sector in a workbook.
- CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
denial of service (stack corruption) and possibly execute arbitrary code
via a crafted workbook, related to a "premature EOF."
-- Johan Van de Wauw <email address hidden> Fri, 03 Apr 2015 22:47:20 +0200
|
1437087 |
Multiple vulnerabilities in freexl 1.0.0 |
|
About
-
Send Feedback to @ubuntu_updates